/conf.default/config.xml - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/conf.default/config.xml @ 17da6c79

       <?xml version="1.0"?>
       <!-- pfSense default system configuration -->
       <pfsense>
       	<version>1.4</version>
       	<lastchange></lastchange>
       	<system>
       		<optimization>normal</optimization>
       		<schedulertype>priq</schedulertype>
       		<hostname>pfSense</hostname>
       		<domain>local</domain>
       		<dnsserver></dnsserver>
       		<dnsallowoverride/>
       		<username>admin</username>
       		<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
       		<timezone>Etc/UTC</timezone>
       		<time-update-interval>300</time-update-interval>
       		<timeservers>pool.ntp.org</timeservers>
       		<webgui>
       			<protocol>http</protocol>
       			<!--
       			<port></port>
       			<certificate></certificate>
       			<private-key></private-key>
       			<noassigninterfaces/>
       			<expanddiags/>
       			<noantilockout></noantilockout>
       			-->
       		</webgui>
       		<!-- <disableconsolemenu/> -->
       		<!-- <disablefirmwarecheck/> -->
       		<!-- <shellcmd></shellcmd> -->
       		<!-- <earlyshellcmd></earlyshellcmd> -->
       		<!-- <harddiskstandby></harddiskstandby> -->
       	</system>
       	<interfaces>
       		<lan>
       			<if>sis0</if>
       			<ipaddr>192.168.1.1</ipaddr>
       			<subnet>24</subnet>
       			<media></media>
       			<mediaopt></mediaopt>
       			<bandwidth>100</bandwidth>
       			<bandwidthtype>Mb</bandwidthtype>
       			<!--
       			<wireless>
       				*see below (opt[n])*
       			</wireless>
       			-->
       		</lan>
       		<wan>
       			<if>sis1</if>
       			<mtu></mtu>
       			<ipaddr>dhcp</ipaddr>
       			<!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
       			<subnet></subnet>
       			<gateway></gateway>
       			<blockpriv/>
       			<dhcphostname></dhcphostname>
       			<media></media>
       			<mediaopt></mediaopt>
       			<bandwidth>100</bandwidth>
       			<bandwidthtype>Mb</bandwidthtype>
       			<!--
       			<wireless>
       				*see below (opt[n])*
       			</wireless>
       			-->
       		</wan>
       		<!--
       		<opt[n]>
       			<enable/>
       			<descr></descr>
       			<if></if>
       			<ipaddr></ipaddr>
       			<subnet></subnet>
       			<media></media>
       			<mediaopt></mediaopt>
       			<bridge>lan|wan|opt[n]</bridge>
       			<wireless>
       				<mode>hostap *or* bss *or* ibss</mode>
       				<ssid></ssid>
       				<channel></channel>
       				<wep>
       					<enable/>
       					<key>
       						<txkey/>
       						<value></value>
       					</key>
       				</wep>
       			</wireless>
       		</opt[n]>
       		-->
       	</interfaces>
       	<!--
       	<vlans>
       		<vlan>
       			<tag></tag>
       			<if></if>
       			<descr></descr>
       		</vlan>
       	</vlans>
       	-->
       	<staticroutes>
       		<!--
       		<route>
       			<interface>lan|opt[n]|pptp</interface>
       			<network>xxx.xxx.xxx.xxx/xx</network>
       			<gateway>xxx.xxx.xxx.xxx</gateway>
       			<descr></descr>
       		</route>
       		-->
       	</staticroutes>
       	<pppoe>
       		<username></username>
       		<password></password>
       		<provider></provider>
       		<!--
       		<ondemand/>
       		<timeout></timeout>
       		-->
       	</pppoe>
       	<pptp>
       		<username></username>
       		<password></password>
       		<local></local>
       		<subnet></subnet>
       		<remote></remote>
       		<!--
       		<ondemand/>
       		<timeout></timeout>
       		-->
       	</pptp>
       	<bigpond>
       		<username></username>
       		<password></password>
       		<authserver></authserver>
       		<authdomain></authdomain>
       		<minheartbeatinterval></minheartbeatinterval>
       	</bigpond>
       	<dyndns>
       		<!-- <enable/> -->
       		<type>dyndns</type>
       		<username></username>
       		<password></password>
       		<host></host>
       		<mx></mx>
       		<!-- <wildcard/> -->
       	</dyndns>
       	<dhcpd>
       		<lan>
       			<enable/>
       			<range>
       				<from>192.168.1.100</from>
       				<to>192.168.1.199</to>
       			</range>
       			<!--
       			<winsserver>xxx.xxx.xxx.xxx</winsserver>
       			<defaultleasetime></defaultleasetime>
       			<maxleasetime></maxleasetime>
       			<gateway>xxx.xxx.xxx.xxx</gateway>
       			<domain></domain>
       			<dnsserver></dnsserver>
       			<next-server></next-server>
       			<filename></filename>
       			-->
       		</lan>
       		<!--
       		<opt[n]>
       			...
       		</opt[n]>
       		-->
       		<!--
       		<staticmap>
       			<mac>xx:xx:xx:xx:xx:xx</mac>
       			<ipaddr>xxx.xxx.xxx.xxx</ipaddr>
       			<descr></descr>
       		</staticmap>
       		-->
       	</dhcpd>
       	<pptpd>
       		<mode><!-- off *or* server *or* redir --></mode>
       		<redir></redir>
       		<localip></localip>
       		<remoteip></remoteip>
       		<!-- <accounting/> -->
       		<!--
       		<user>
       			<name></name>
       			<password></password>
       		</user>
       		-->
       	</pptpd>
       	<ovpn>
       		<!--
       		<server>
       			<enable/>
       			<ca_cert></ca_cert>
       			<srv_cert></srv_cert>
       			<srv_key></srv_key>
       			<dh_param></dh_param>
       			<verb></verb>
       			<tun_iface></tun_iface>
       			<port></port>
       			<bind_iface></bind_iface>
       			<cli2cli/>
       			<maxcli></maxcli>
       			<prefix></prefix>
       			<ipblock></ipblock>
       			<crypto></crypto>
       			<dupcn/>
       			<psh_options>
       				<redir></redir>
       				<redir_loc></redir_loc>
       				<rte_delay></rte_delay>
       				<ping></ping>
       				<pingrst></pingrst>
       				<pingexit></pingexit>
       				<inact></inact>
       			</psh_options>
       		</server>
       		<client>
       			<tunnel></tunnel>
       			<ca_cert></ca_cert>
       			<cli_cert></cli_cert>
       			<cli_key></cli_key>
       			<type></type>
       			<tunnel>
       				<if></if>
       				<proto></proto>
       				<cport></cport>
       				<saddr></saddr>
       				<sport></sport>
       				<crypto></crypto>
       			</tunnel>
       		</client>
       		-->
       	</ovpn>
       	<dnsmasq>
       		<enable/>
       		<!--
       		<hosts>
       			<host></host>
       			<domain></domain>
       			<ip></ip>
       			<descr></descr>
       		</hosts>
       		-->
       	</dnsmasq>
       	<snmpd>
       		<!-- <enable/> -->
       		<syslocation></syslocation>
       		<syscontact></syscontact>
       		<rocommunity>public</rocommunity>
       	</snmpd>
       	<diag>
       		<ipv6nat>
       			<!-- <enable/> -->
       			<ipaddr></ipaddr>
       		</ipv6nat>
       	</diag>
       	<bridge>
       		<!-- <filteringbridge/> -->
       	</bridge>
       	<syslog>
       		<rawfilter/>
       		<!--
       		<reverse/>
       		<enable/>
       		<remoteserver>xxx.xxx.xxx.xxx</remoteserver>
       		<filter/>
       		<dhcp/>
       		<system/>
       		<nologdefaultblock/>
       		-->
       	</syslog>
       	<!--
       	<captiveportal>
       		<enable/>
       		<interface>lan|opt[n]</interface>
       		<idletimeout>minutes</idletimeout>
       		<timeout>minutes</timeout>
       		<page>
       			<htmltext></htmltext>
       			<errtext></errtext>
       		</page>
       		<httpslogin/>
       		<httpsname></httpsname>
       		<certificate></certificate>
       		<private-key></private-key>
       		<redirurl></redirurl>
       		<radiusip></radiusip>
       		<radiusport></radiusport>
       		<radiuskey></radiuskey>
       		<nomacfilter/>
       	</captiveportal>
       	-->
       	<nat>
       		<ipsecpassthru>
       			<enable/>
       		</ipsecpassthru>
       		<!--
       		<rule>
       			<interface></interface>
       			<external-address></external-address>
       			<protocol></protocol>
       			<external-port></external-port>
       			<target></target>
       			<local-port></local-port>
       			<descr></descr>
       		</rule>
       		-->
       		<!--
       		<onetoone>
       			<interface></interface>
       			<external>xxx.xxx.xxx.xxx</external>
       			<internal>xxx.xxx.xxx.xxx</internal>
       			<subnet></subnet>
       			<descr></descr>
       		</onetoone>
       		-->
       		<!--
       		<advancedoutbound>
       			<enable/>
       			<rule>
       				<interface></interface>
       				<source>
       					<network>xxx.xxx.xxx.xxx/xx</network>
       				</source>
       				<destination>
       					<not/>
       					<any/>
       					*or*
       					<network>xxx.xxx.xxx.xxx/xx</network>
       				</destination>
       				<target>xxx.xxx.xxx.xxx</target>
       				<descr></descr>
       			</rule>
       		</advancedoutbound>
       		-->
       		<!--
       		<servernat>
       			<ipaddr></ipaddr>
       			<descr></descr>
       		</servernat>
       		-->
       	</nat>
       	<filter>
       		<!-- <tcpidletimeout></tcpidletimeout> -->
       		<rule>
       			<type>pass</type>
       			<descr>Default LAN -&gt; any</descr>
       			<interface>lan</interface>
       			<source>
       				<network>lan</network>
       			</source>
       			<destination>
       				<any/>
       			</destination>
       		</rule>
       		<!-- rule syntax:
       		<rule>
       			<disabled/>
       			<type>pass|block|reject</type>
       			<descr>...</descr>
       			<interface>lan|opt[n]|wan|pptp</interface>
       			<protocol>tcp|udp|tcp/udp|...</protocol>
       			<icmptype></icmptype>
       			<source>
       				<not/>
       				<address>xxx.xxx.xxx.xxx(/xx) or alias</address>
       				*or*
       				<network>lan|opt[n]|pptp</network>
       				*or*
       				<any/>
       				<port>a[-b]</port>
       			</source>
       			<destination>
       				*same as for source*
       			</destination>
       			<frags/>
       			<log/>
       		</rule>
       		-->
       	</filter>
       	<shaper>
       		<!-- <enable/> -->
       		<!-- rule syntax:
       		<rule>
       			<disabled/>
       			<descr></descr>
       			<targetpipe>number (zero based)</targetpipe>
       			*or*
       			<targetqueue>number (zero based)</targetqueue>
       			<interface>lan|wan|opt[n]|pptp</interface>
       			<protocol>tcp|udp</protocol>
       			<direction>in|out</direction>
       			<source>
       				<not/>
       				<address>xxx.xxx.xxx.xxx(/xx)</address>
       				*or*
       				<network>lan|opt[n]|pptp</network>
       				*or*
       				<any/>
       				<port>a[-b]</port>
       			</source>
       			<destination>
       				*same as for source*
       			</destination>
       			<iplen>from[-to]</iplen>
       			<iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos>
       			<tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags>
       		</rule>
       		<pipe>
       			<descr></descr>
       			<bandwidth></bandwidth>
       			<delay></delay>
       			<mask>source|destination</mask>
       		</pipe>
       		<queue>
       			<descr></descr>
       			<targetpipe>number (zero based)</targetpipe>
       			<weight></weight>
       			<mask>source|destination</mask>
       		</queue>
       		-->
       	</shaper>
       	<ipsec>
                       <preferredoldsa/>
       		<!-- <enable/> -->
       		<!-- syntax:
       		<tunnel>
       			<disabled/>
       			<auto/>
       			<descr></descr>
       			<interface>lan|wan|opt[n]</interface>
       			<local-subnet>
       				<address>xxx.xxx.xxx.xxx(/xx)</address>
       				*or*
       				<network>lan|opt[n]</network>
       			</local-subnet>
       			<remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet>
       			<remote-gateway></remote-gateway>
       			<p1>
       				<mode></mode>
       				<myident>
       					<myaddress/>
       					*or*
       					<address>xxx.xxx.xxx.xxx</address>
       					*or*
       					<fqdn>the.fq.dn</fqdn>
       				</myident>
       				<encryption-algorithm></encryption-algorithm>
       				<hash-algorithm></hash-algorithm>
       				<dhgroup></dhgroup>
       				<lifetime></lifetime>
       				<pre-shared-key></pre-shared-key>
       			</p1>
       			<p2>
       				<protocol></protocol>
       				<encryption-algorithm-option></encryption-algorithm-option>
       				<hash-algorithm-option></hash-algorithm-option>
       				<pfsgroup></pfsgroup>
       				<lifetime></lifetime>
       			</p2>
       		</tunnel>
       		<mobileclients>
       			<enable/>
       			<p1>
       				<mode></mode>
       				<myident>
       					<myaddress/>
       					*or*
       					<address>xxx.xxx.xxx.xxx</address>
       					*or*
       					<fqdn>the.fq.dn</fqdn>
       				</myident>
       				<encryption-algorithm></encryption-algorithm>
       				<hash-algorithm></hash-algorithm>
       				<dhgroup></dhgroup>
       				<lifetime></lifetime>
       			</p1>
       			<p2>
       				<protocol></protocol>
       				<encryption-algorithm-option></encryption-algorithm-option>
       				<hash-algorithm-option></hash-algorithm-option>
       				<pfsgroup></pfsgroup>
       				<lifetime></lifetime>
       			</p2>
       		</mobileclients>
       		<mobilekey>
       			<ident></ident>
       			<pre-shared-key></pre-shared-key>
       		</mobilekey>
       		-->
       	</ipsec>
       	<aliases>
       		<!--
       		<alias>
       			<name></name>
       			<address>xxx.xxx.xxx.xxx(/xx)</address>
       			<descr></descr>
       		</alias>
       		-->
       	</aliases>
       	<proxyarp>
       		<!--
       		<proxyarpnet>
       			<network>xxx.xxx.xxx.xxx/xx</network>
       			*or*
       			<range>
       				<from>xxx.xxx.xxx.xxx</from>
       				<to>xxx.xxx.xxx.xxx</to>
       			</range>
       		</proxyarpnet>
       		-->
       	</proxyarp>
       	<wol>
       		<!--
       		<wolentry>
       			<interface>lan|opt[n]</interface>
       			<mac>xx:xx:xx:xx:xx:xx</mac>
       			<descr></descr>
       		</wolentry>
       		-->
       	</wol>
       	<installedpackages>
       	</installedpackages>
       </pfsense>

(1-1/1)

Project

General

Profile

pfSense